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1 This action is in response to the communication filed on 10/15/2008. 

2 DETAILED ACTION 

3 Continued Examination Under 3 7 CFR 1. 114 

4 A request for continued examination under 37 CFR 1.114, including the fee set forth in 



5 37 CFR 1 .17(e), was filed in this application after final rejection. Since this application is 

6 eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1 . 1 7(e) 

7 has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 

8 37 CFR 1.1 14. Applicant's submission filed on 10/15/2008 has been entered. 
9 



1 0 Response to Arguments 

1 1 Applicant's arguments filed 10/15/2008 have been fiiUy considered but they are not 

12 persuasive. 

13 Regarding applicants' argument that there would be no burden on the examiner to 



14 consider the improperly cited references from the IDS submitted 1 1/26/2003 is not found 

1 5 persuasive. The issue is not one of burden, but rather hes in the fact that the citations were not 

1 6 proper, as required by the 37 CFR 1 .98 (b)(5). For example, if the citation does not include the 

17 number pages of the submitted reference, how can the examiner accurately determine that the 

1 8 entirety of the document has been considered. As such, the examiner will not consider these 

1 9 references until they are submitted in an IDS with proper citations. 

20 In response to applicant's argument that the references fail to show certain features of 

2 1 applicant's invention, it is noted that the features upon which applicant relies (i.e., there are only 

22 two nodes in the communication system) are not recited in the rejected claim(s). Although the 
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1 claims are interpreted in light of the specification, limitations from the specification are not read 

2 into the claims. See In re Van Geuns, 988 F.2d 1 1 8 1 , 26 USPQ2d 1 057 (Fed. Cir. 1 993). In this 

3 case, the applicants have argued that in the teachings of Gupta, there is a third node. However, 

4 there is nothing in the claim language that forbids this from being the case, as the claims are 

5 recited using the language "comprising". As such, the examiner does not find the argument 

6 persuasive. 

7 Regarding the applicants' argument that Gupta does not disclose that "no pre-established 

8 security association is needed to verify the packet", the examiner does not find the argument 

9 persuasive. The applicants argue that the validity information in Gupta is pre-established. This 

10 is not forbidden by the claim language. The apphcants argue that in Gupta, the sender 

1 1 establishes a public and private key pair with a DNS server, and therefore pre-established a 

12 security association. The examiner disagrees. The instant specification paragraph 0004 indicates 

13 that a security association is part of IPSec, which Gupta does not disclose the use of IPSec, and 

14 that the security association is "a set of policy and key(s) used to protect information". The 

1 5 instant specification paragraph 0054 further states, with regards to the lack of pre-established 

16 security association, that "the nodes do not need to have any pre-established [security 

17 association], or have to exchange key values beforehand". Gupta disclosed with regards to Fig. 

18 7, that upon receipt of a signed packet, the router will check to see if it has the proper vaUdation 

19 key, and if not it will get the key from a DNS server, or a certification server. In this case, it is 

20 clear that the key needed to validate the packet was not exchanged between the sender and the 

2 1 router, and certainly not before receipt of the packet. As such, a security association was not pre- 

22 established. Therefore, the examiner does not find the argument persuasive. 
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1 The examiner notes that the applicants appear confused by the Gupta reference, wherein 

2 they have argued that the owner is the receiver of the message. Note that in Gupta, the router is 

3 the second node of the network, which performs the verification. This can be seen in Fig. 7 and 

4 the corresponding text. 

5 Regarding the applicants' argument that the header of the packet of Gupta does not 

6 contain "all" information necessary to perform the validity check, the examiner still does not find 

7 this argument persuasive. The applicants' use the language "all necessary information required 

8 for performing a validity check" throughout the specification. In order to remain consistent with 

9 the specification, the examiner has looked to the instant specification in order to interpret the 

10 usage of this language, for the purposes of searching and applying prior art. The specification 

1 1 provides evidence that this limitation means "all necessary information required for performing a 

12 validity check without the checking entity needing to further communicate with the sending 

13 network node", as the specification clearly shows that the checking node does not require 

14 further communication with the sending node in order to perform the validity checking, but that 

1 5 the checking entity may need to receive additional information from somewhere (i.e. a certificate 

1 6 authority) in order to perform the validity checking. As such, if Gupta disclosed that the key was 

17 retrieved from the DNS server, or that the algorithm to perform the verification was known by 

1 8 the verifier, this would still fall within the scope of the language, in light of the specification. 

1 9 Therefore, the examiner does not find the argument persuasive. 

20 Regarding the applicants' argument with regards to Naudus, that a security association 

2 1 requires pre-establishment, the examiner does not find the argument persuasive. The rejection 

22 does not rely upon this teaching of Naudus, but rather relies upon the teaching of Naudus that 



Application/Control Number: 1 0/72 1 ,504 Page 5 

Art Unit: 2431 

1 including timestamps in a packet prevents replay attacks. As such, the examiner does not find 

2 the argument persuasive. 

3 Further, rather than claiming what the invention is not, the examiner suggests that the 

4 applicants carefully consider the meets and bounds of their invention, and then carefully 

5 construct positive claim limitations which accurately define that scope. For example, if the 

6 applicants believe that it is important to their invention that the algorithm and key used for 

7 verification is provided in the header of the packet, then the applicants should particularly point 

8 that out in the claim language. 



9 The examiner has maintained the prior art rejections previously set forth. 

1 0 All objections and rejections not set forth below have been withdrawn. 

1 1 Claims 1-2, 4-15, 18, 42-64, and 66-68 have been examined. 

1 2 Information Disclosure Statement 

13 The information disclosure statement(s) (IDS) submitted on 1 1/26/2003 are in 



14 compliance with the provisions of 37 CFR 1 .97. Accordingly, the examiner is considering the 

15 information disclosure statements. However, the examiner notes, as indicated on the signed 

1 6 copy, that the references listed in the IDS did not properly identify the pertinent pages of each 

17 reference, and as such were not considered. See MPEP Section 609. 



1 8 Claim Rejections - 35 USC § 101 

19 35 U.S.C. 101 reads as follows: 

20 Whoever invents or discovers any new and useM process, machine, manufacture, or composition of matter, or 

2 1 any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 

22 requirements of this title. 

23 

24 Claims 66-68 are rejected under 35 U.S.C. 101 because the claimed invention is directed 



25 to non-statutory subject matter. Claims 66-68 are directed towards software per se, which has 
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1 been held by the courts as non-statutory. Because the software, as claimed, is not embodied in a 

2 statutory medium, it is simply software per se. If, however, it were claimed as being embodied 

3 on a computer readable storage medium, which does not include transmission media, the 

4 examiner believes, at this time, that the claims would be statutory. No new matter will be 

5 permitted. See MPEP 2106.01(1) 
6 



7 Claim Rejections - 35 USC § 102 

8 The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that form the 

9 basis for the rejections under this section made in this Office action: 

10 A person shall be entitled to a patent unless 

1 1 (b) the invention was patented or described in a printed publication in this or a foreign 

12 country or in public use or on sale in this country, more than one year prior to the date of 

1 3 application for patent in the United States. 
14 

15 Claims 1-2, 5-10, 15, 18, 42-43, 45-49, 54-56, 58-60, and 62-64, and 66-68 are rejected 

1 6 under 35 U.S.C. 1 02(b) as being anticipated by Gupta et al. (US Patent Number 6,389,532) 

1 7 hereinafter referred to as Gupta. 

18 Regarding claims 1 and 66, Gupta disclosed a method (See Gupta Fig. 1 Element 104, 



19 108 or 1 12), comprising the steps of: generating validity information for a packet (See Gupta 

20 Figs. 5-6 and Col. 6 Paragraphs 2-4), wherein the validity information comprises all necessary 

21 information required to perform a validity check of the packet (See Gupta Fig 7 and Col. 6 

22 Paragraph 5 - Col. 7 Paragraph 2); the validity information comprising algorithm information to 

23 be used for performing the validity check of the packet and no pre-established security 

24 association is needed to verify the packet (See Gupta Fig. 3 and Col. 6 Paragraphs 3-4); 
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1 generating a packet header (302), comprising the validity information (See Gupta Fig. 3 and Col. 

2 6 Paragraphs 3-4); and sending the packet including the header from a first network node to a 

3 second network node (See Gupta Col. 6 Paragraph 4). 

4 Regarding claim 18, Gupta disclosed an apparatus comprising: validity information 

5 generating means for generating validity information for a packet (See Gupta Figs. 5-6 and Col. 

6 6 Paragraphs 2-4); packet header generating means for generating a header for the packet, 

7 comprising the validity information (See Gupta Fig. 3 and Col. 6 Paragraphs 3-4); and sending 

8 means for sending the packet including the header to a receiving network node (See Gupta Col. 6 

9 Paragraph 4), wherein the validity information comprises all necessary information required for 

1 0 performing a validity check of the packet and no pre-estabhshed security association is needed to 

1 1 verify the packet (See Gupta Fig 7 and Col. 6 Paragraph 5 - Col. 7 Paragraph 2) and the validity 

12 information comprises algorithm information to be used for performing the validity check of the 

13 packet (See Gupta Col. 6 Paragraphs 3-4). 

14 Regarding claim 42, Gupta disclosed an apparatus, comprising: a validity information 

1 5 generator configured to generate validity information for a packet (See Gupta Figs. 5-6 and Col. 

16 6 Paragraphs 2-4); a packet header generator configured to generate a header for the packet, 

17 comprising the validity information (See Gupta Fig. 3 and Col. 6 Paragraphs 3-4); and a 

1 8 transmitter configured to send the packet including the header to a receiving network node (See 

19 Gupta Col. 6 Paragraph 4), wherein the validity information comprises all necessary information 

20 required to perform a validity check of the packet and no pre-established security association is 

2 1 needed to verify the packet, and the validity information comprises algorithm information to be 
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1 used to perform the validity check of the packet (See Gupta Fig 7 and Col. 6 Paragraph 3 - Col. 7 

2 Paragraph 2). 

3 Regarding claim 55, Gupta disclosed an apparatus, comprising: a receiver configured to 

4 receive packets from a sending network node (See Gupta Fig. 1 Element 108, Fig. 7 and Col. 6 

5 Paragraph 5); and a checker configured to perform a validity check of a packet by referring to 

6 validity information contained in a header of the packet and no pre-established security 

7 association is needed to verify the packet (See Gupta Fig. 7 and Col. 7 Paragraph 2), wherein the 

8 validity information comprises all necessary information required to perform the validity check 

9 of the packet (See Gupta Fig 7 and Col. 6 Paragraph 5 - Col. 7 Paragraph 2), and the validity 

1 0 information comprises algorithm information to be used to perform the validity check of the 

1 1 packet (See Gupta Col. 6 Paragraphs 3-4). 

12 Regarding claim 59, Gupta disclosed an apparatus, comprising: a transmitter configured 

13 to forward packets from a sending network node to a receiving network node (See Gupta Fig. 7 

14 and Col. 6 Paragraph 5); and a checker configiired to perform a validity check of a packet by 

1 5 referring to validity information contained in a header of the packet (See Gupta Fig. 7 and Col. 7 

1 6 Paragraph 2), wherein the validity information comprises all necessary information required to 

1 7 perform a validity check of the packet and no pre-established security association is needed to 

18 verify the packet (See Gupta Fig 7 and Col. 6 Paragraph 5 - Col. 7 Paragraph 2), and the validity 

1 9 information comprises algorithm information to be used to perform the validity check of the 

20 packet (See Gupta Col. 6 Paragraphs 3-4). 

21 Regarding claims 63 and 67, Gupta disclosed a method comprising: receiving packets 

22 (See Gupta Fig 7 and Col. 6 Paragraph 5 - Col. 7 Paragraph 2); and performing a validity check 
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1 of a packet by referring to validity information contained in a header of the packet (See Gupta 

2 Fig. 7 and Col. 7 Paragraph 2), wherein the validity information comprises all necessary 

3 information required for performing the validity check of the packet and no pre-established 

4 security association is needed to verify the packet, the validity information comprising algorithm 

5 information to be used for performing the validity check of the packet (See Gupta Fig 7 and Col. 

6 6 Paragraph 3 - Col. 7 Paragraph 2). 

7 Regarding claims 64 and 68, Gupta disclosed a method comprising: forwarding received 

8 packets (Gupta Col. 7 Paragraph 2); and performing means for performing a validity check of a 

9 packet by referring to validity information contained in a header of the packet (Gupta Col. 7 

1 0 Paragraph 2), wherein the validity information comprises all necessary information required for 

1 1 performing a validity check of the packet and no pre-established security association is needed to 

12 verify the packet, the validity information comprising algorithm information to be used for 

13 performing the validity check of the packet (See Gupta Fig 7 and Col. 6 Paragraph 3 - Col. 7 

14 Paragraph 2). 

15 Regarding claims 2, 43, 56 and 60, Gupta disclosed that the generating of the validity 

16 information comprises generating security information indicating security services applied to the 

17 packet (See Gupta Col. 5 Paragraph 7). 

18 Regarding claim 5, Gupta disclosed that the generating the algorithm information 

19 comprises generating of the algorithm information which comprises values to initialize an 

20 algorithm to be used to perform the validity check of the packet (See Gupta Col. 6 Paragraphs 3- 

2 1 4, the data, the key index, the signature, or the fingerprint, for example). 
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1 Regarding claims 6, 45, 58, and 62, Gupta disclosed that the generating of the validity 

2 information comprises generating public key information of a sending node (See Gupta Col. 6 

3 Paragraphs 2-6, for example the public and private key pair, or the key index). 

4 Regarding claims 7, and 46 Gupta disclosed that the generating of the pubhc key 

5 information comprises generating reference information related to how a public key can be 

6 obtained (See Gupta Col. 6 Paragraphs 3-4 and Col. 7 Paragraph 2). 

7 Regarding claims 8, and 47, Gupta disclosed that the generating of the reference 

8 information comprises generating an identity of an entity from which the public key can be 

9 obtained (See Gupta Col. 6 Paragraphs 3-4, Col. 7 Paragraph 2, and Col. 3 Line 64 - Col. 4 Line 

10 13, wherein the index is the identity, and the entry in the table is the entity). 

1 1 Regarding claims 9, and 48, Gupta disclosed that the generating of the reference 

12 information comprises generating a public key identifier for the public key (See Gupta Col. 6 

13 Paragraphs 3-4 and Col. 7 Paragraph 2, the key index). 

14 Regarding claim 10, and 49, Gupta disclosed that the generating of the public key 

1 5 information comprises generating the public key (See Gupta Col. 6 Paragraph 2). 

16 Regarding claim 15 and 54, Gupta disclosed signing the packet using a private key 

1 7 corresponding to a public key indicated by the validity information in the packet header in a 

1 8 sending network node (See Gupta Col. 6 Paragraph 4). 
19 
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1 Claim Rejections - 35 USC § 103 

2 The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 

3 obviousness rejections set forth in this Office action: 

4 A patent may not be obtained though the invention is not identically disclosed or 

5 described as set forth in section 102 of this title, if the differences between the subject matter 

6 sought to be patented and the prior art are such that the subject matter as a whole would have 

7 been obvious at the time the invention was made to a person having ordinary skill in the art to 

8 which said subject matter pertains. Patentability shall not be negatived by the manner in which 

9 the invention was made. 
10 

1 1 Claims 4, 12-14, 44, 51-53, 57, and 61 are rejected under 35 U.S.C. 103(a) as being 

12 unpatentable over Gupta as applied to claims 1, 18, 19, and 20 above, and fiirther in view of 

1 3 Naudus (US Patent Number 6,202,08 1). 

14 Regarding claims 12-14, and 5 1-53, Gupta disclosed validation of packets, but failed to 

1 5 disclose that the step of generating the vahdity information comprises generating an information 

1 6 item for preventing replay attacks. 

17 Naudus teaches that in a packet filtering system, packets should include timestamps in 



1 8 order to prevent replay attacks. Naudus further teaches that "[rjeplay attacks occur when a 

1 9 malicious user gains access to a router or other network device on a computer network that is 

20 forwarding data packets. Legitimate data packets are intercepted and then re-sent at a later time 

21 to allow the malicious user to appear as a legitimate user. A firewall helps prevent replay attacks 

22 by checking a time-stamp in the data packet that prevents the data packets from being re-sent at a 

23 later time." (See Naudus Col. 2 Paragraph 4). 

24 It would have been obvious to the ordinary person skilled in the art at the time of 

25 invention to employ the teachings of Naudus in the packet validity checking system of Gupta by 
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1 including a timestamp in each packet and verifying the timestamp at the validity checker. This 

2 would have been obvious because the ordinary person skilled in the art would have been 

3 motivated to prevent replay attacks in the network. In this combination, the inclusion of a 

4 timestamp in each packet, in itself, is an indication of a procedure to be used for anti replay 

5 attacks. 

6 Regarding claims 4, 44, 57, and 61, Gupta did not specifically teach that the step of 

7 generating the algorithm information comprises generating the algorithm information which 

8 indicates an algorithm to be used for performing the validity check of the packet. However, as 

9 taught by Naudus, in Col. 6 Line 60 - Col. 7 Line 7, it is well known to include in the packet 

10 header, an identification of which algorithm was used to sign the packet. As such, it would have 

1 1 been obvious to have included this information within the packet. Furthermore, the ordinary 

1 2 person skilled in the art at the time of invention would have recognized that this would allow for 

13 the user of a multiplicity of signature algorithms, as well as allowing updating of the signature 

14 algorithms in the future, and therefore it would have been obvious to have included an indication 

1 5 of the signature algorithm in the packet. 

16 Claims 11, and 50 are rejected under 35 U.S. C. 103(a) as being unpatentable over Gupta 

1 7 as applied to claims 6 and 23 above, and further in view of Nikander (US Patent Number 

18 7,155,500). 

1 9 Gupta disclosed including public key information within the packets, but failed to 

20 specifically disclose including the public key itself within the packets or that the step of 

2 1 generating the public key information comprises generating public key verification information 

22 indicating information in order to verify that the public key actually belongs to the sending node. 
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1 Gupta did disclose that the public and private key pairs can be generated and stored in a 

2 certification server (See Col. 4 Paragraph 2). 

3 Nikander teaches that by including a public key itself and the certificate of the public key, 

4 the receiving host can verify that the public key is truly owned by the sender (See Nikander Col. 

5 10 Line 50 - Col. 12 Line 9). 

6 It would have been obvious to the ordinary person skilled in the art at the time of 



7 invention to employ the teachings of Nikander in the packet verification system of Gupta by 

8 including the public key and public key certificate within each packet and verifying that the 

9 sender of each packet owned the public key used to sign the packet. This would have been 

1 0 obvious because the ordinary person skilled in the art would have been motivated to ensure that a 

1 1 malicious node was not claiming to be a different node. 



12 Conclusion 

13 Claims 1-2, 4-15, 18, 42-64, and 66-68 have been rejected. 

14 Any inquiry concerning this communication or earlier communications from the 

1 5 examiner should be directed to MATTHEW T. HENNING whose telephone number is 

16 (571)272-3790. The examiner can normally be reached on M-F 8-4. 

17 If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

18 supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 

19 organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 



2 Application Information Retrieval (PAIR) system. Status information for published applications 

3 may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

4 applications is available through Private PAIR only. For more information about the PAIR 

5 system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

6 system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 

7 like assistance from a USPTO Customer Service Representative or access to the automated 

8 information system, call 800-786-9 1 99 (IN USA OR CANADA) or 57 1 -272- 1 000. 



9 



10 
11 
12 
13 



/Matthew T Henning/ 
Examiner, Art Unit 243 1 



